WHITE PAPER Internet File Transfers: Contents
Transcription
WHITE PAPER Internet File Transfers: Contents
WHITE PAPER Contents Introduction .................................... 1 Internet File Transfers: Security Holes and How to Fix Them The Problem with FTP .................... 1 Ten Essential Features to Look for in an FTP Replacement ............. 1 Five Secure Data-Exchange Scenarios ......................................... 3 Scenario 1: Financial services company ....................................... 3 Scenario 2: IT organization ................ 3 Scenario 3: Health care organization .................................. 3 Scenario 4: Manufacturing company ....................................... 4 Scenario 5: Organizations using services providers for payroll and health insurance .................... 4 AttachmateWRQ: Securing Data in Motion ........................................ 4 File transfer capabilities in SSH ........... 4 File transfer capabilities in SSL/TLS ..... 5 AttachmateWRQ security solutions .... 5 SSH and SSL/TLS: Your Safest Alternatives ..................................... 6 About AttachmateWRQ .................... 6 AttachmateWRQ • January, 2006 1 Introduction As the demand for information sharing grows, the Internet has become the medium of choice for organizations that want quick, easy, and affordable file exchange. Most organizations today use File Transfer Protocol (FTP) to move private information across the public Internet. But FTP poses serious security risks that cannot be ignored. This white paper highlights the problem with FTP and outlines the ten essential features to look for in an FTP replacement. It describes five scenarios in which products based on Ten Essential Features to Look for in an FTP Replacement the SSH and SSL/TLS protocols can ensure reliable and The ideal replacement for FTP would provide the protocol’s affordable file-transfer security. Finally, this paper tells strengths—speed, ease of use, and interoperability—as how AttachmateWRQ file-transfer solutions ensure well as the requisite security required for public Internet interoperability, confidentiality, and integrity for data travel. Equipped with these capabilities, you could easily in motion. replace traditional EDI, an expensive solution that requires leased lines and value-added network charges. You could also augment secure e-mail, another popular file-transfer The Problem with FTP In terms of exchanging information, the speed, ease mechanism that is limited by the size of the attachment it can deliver. of use, and affordability of the Internet is undeniable. The ten essential features to look for in an FTP replacement For organizations, it is like having a pre-designed are highlighted below: telecommunications infrastructure as their disposal. And 1. Industry-standard client connectivity FTP has become the preferred mode of transportation Because you cannot control what software your partners for moving files. and customers use for their client connections, you want Because it is a standards-based protocol, FTP is highly to choose a security solution that is readily available interoperable. It is also fast, familiar, and easy to use. For and based on industry-standard protocols. These features these reasons, it has gained popularity among all types of will simplify and cut the costs of data exchange. You will organizations—from large and small businesses to also want to allow for different styles of doing file transfer. government agencies and nonprofits. In some cases, you will want a browser connection using But FTP has one inherent problem: it is dangerously nonsecure. Any information transmitted via FTP travels over the network in clear text, which means anyone with a sniffer can read it. Furthermore, logons to FTP servers require a user name and password, which also travel in unprotected clear text and an on-demand thin client. In others, you will need a command-line client that can be scripted for automation. Or you may opt for a Windows client with a graphicaluser interface that makes file transfers easy for users. 2. Data confidentiality can be easily grabbed by malicious individuals with just a The Internet is a public network, so it is imperative that hint of technical savvy. This lack of security is particularly you scramble sensitive data to make it unreadable risky for organizations governed by stringent regulations during transmission. To that end, you need a standard aimed at protecting sensitive data. means of encryption, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS, the newer version of SSL), or Secure Shell (SSH). These protocols all include a range of standard encryption ciphers that provide different strengths of encryption. 2 3. Data integrity 7. Auditing People with malicious intent thrive on tampering with If a client or server is compromised and data are retrieved data—for example, changing account balances or purchase- illicitly, you will want to know what happened. By logging order amounts. To ensure that bits remain intact as they incoming and outgoing transmissions, auditing tools can travel from client to server or between servers, you will help identify suspicious usage patterns, inadvertent or need some type of message authentication code. This overlooked access, and mischievous or purposeful attacks. code will also serve as a way to ensure message authenticity. These tools are crucial to discovering both apparent and In addition, you will want an automatic way to restart an subtle forms of intrusion, making them a critical part of interrupted transfer at the point where the connection your security solution. was dropped. 4. Authentication 8. Centralized management In order to meet growing demands for information from To launch a secure session, users must be able to verify whole new audiences of users, centralized management their identities and establish their rights to connect to of the client side of the file-transfer process is essential. a given server. They must also be assured that they are In fact, it is the only effective way to tackle today’s fast- connecting to the right server. This two-way authentication changing configuration and deployment requirements. should take place in a secure way—either via strong authentication or via user name and password encryption. Without a solid authentication method, intruders can easily gain access to private files and systems via sniffing, social engineering, or password guessing. 5. Automation Organizations often automate routine file transfers to save time and money. For example, large commercial businesses use batch processing extensively for back-office tasks; multiple files can be transferred in a batch when the load on back-office systems is light. These jobs are scheduled and typically run via scripts. The key is to make sure that the scripts are using secure mechanisms to upload data. 6. Access control Most organizations want to give users access only to specific directories on the internal network, which requires defining users and their access rights. Organizations also want to limit the number of open ports in their firewalls to minimize the chances of malicious traffic getting through. 9. Cross-platform support Your customers or partners may be running on platforms that are different from your own, which is probably heterogeneous. For that reason, the ideal secure filetransfer solution will provide cross-platform support. 10. End-to-end security Moving a file securely across the Internet is one thing; getting that file securely to the end point (the server that it updates) is another. The vast majority of financial fraud is the result of internal hacking rather than external penetration of a secure network, so the last leg of protection, from the DMZ to the back office, is critical. To guard against these inside jobs, you need end-toend security. Careful consideration of these issues will help you choose the safest possible solution for data exchange—and save you time and money in the long run. 3 Five Secure Data-Exchange Scenarios Organizations have different secure data-exchange needs. The following five scenarios show how standards-based secure file transfer can provide a low-cost and reliable way to protect data in motion. Scenario 1: Financial services company This scenario involves a financial services company that needs to transfer account information, conduct debit and credit transactions, and send check images. The company’s security solution is to run SSH File Transfer Scenario 2: IT organization In this scenario, system administrators need to transfer configuration files, change user accounts, monitor usage records, and create new web pages. Because administrators have root access to servers and often work over the Internet, they must protect their user names and passwords. By replacing FTP with sftp, the administrators can ensure that their user names and passwords are encrypted as they cross the wire. Alternatively, the administrators can use a stronger method of authentication—user public keys— to replace their passwords. Protocol (sftp) and secure copy (scp)—two secure file-transfer mechanisms that are part of the SSH protocol—on a gateway or bastion host in the DMZ. This configuration allows limited application-level access between the external and the internal networks. The sftp transfers are interactive, but scp transfers are automated so no user interaction is required. Authentication is host-based or accomplished using public keys with agent Scenario 2: After-hours administrator working from home forwarding. (Another way to use the gateway host is to use Scenario 3: Health care organization the proxy-command feature to tunnel the sftp session from This scenario centers on a health care organization that the gateway to the back-office servers.) Just one port— moves patient records internally, from server to server, and SSH port 22—needs to be open in the firewall to let these exchanges them with external entities. transfers pass through. After an external audit found passwords and sensitive patient information traveling across the network in plain text, the organization received a mandate to shut down FTP. Instead of FTP, which was used both internally and with partners, the organization adopted the SSH and SSL protocols. Now, partners can choose to use either protocol to the DMZ. Internally, the protocol of choice depends on which one is best suited to the relevant server environment. Scenario 1: Partners sending financial information Scenario 3: A health-care organization moving patient records internally and externally 4 Scenario 4: Manufacturing company In this scenario, a manufacturing company in a highly competitive industry has a number of partners, both for building its products and for marketing them. The latest design specs and customer lists represent intellectual property that needs to be protected, particularly because the industry is known for industrial espionage. By using the SSH protocol suite and setting up one server behind the firewall for all sensitive file transfers, the company can monitor and safeguard all confidential communications. AttachmateWRQ: Securing Data in Motion For secure file transfer, AttachmateWRQ offers a variety of client and server solutions that are all based on the industrystandard SSH and SSL/TLS protocols. This section describes the secure file-transfer capabilities of these protocols and how they fit into the AttachmateWRQ security solution set. File transfer capabilities in SSH The main purpose of SSH is to transmit data over network connections using strong encryption and authentication methods. SSH is a replacement for nonsecure Telnet, FTP, X11, and Berkeley r-commands (rlogin, rcp and rsh)—all of which transmit data in the clear. Currently, there are two versions of SSH: SSH1 and SSH2. The two versions are based on two distinctly different protocols, and they’re not compatible. Also, SSH1 has been deprecated and is not recommended for use. For our purposes—securing file transfers—we are dealing with SSH2, which has been standardized through the Internet Scenario 4: A manufacturing company exchanging intellectual property with partners Scenario 5: Organizations using services providers for payroll and health insurance Whenever organizations exchange employee data (such as personal identification numbers, insurance claims, and medical information) with third-party providers, electronic files must be kept secure. SSH is a good fit here. With scp, file transfers can be easily automated. Engineering Task Force (IETF). In SSH, the rcp (remote copy) command-line utility is replaced by the scp command-line utility (rcp has traditionally been used in UNIX environments for copying named files and directories). FTP is replaced by sftp, which provides all the functionality of FTP without the risks. Written as a subsystem for SSH2, sftp encrypts every bit—user names and passwords, directory listings, and files—exchanged between an sftp client and server. With the sftp capabilities in SSH, organizations can turn FTP off and eliminate that vulnerable point in the network. SSH uses strong encryption ciphers, such as 3DES and AES, for data privacy, it also uses hashed message authentication code (HMAC) algorithms for integrity checking. Scenario 5: Organizations using service providers for payroll and health insurance 5 File transfer capabilities in SSL/TLS Something to consider when pushing FTP through an SSL SSL was developed to secure transactions over the web. tunnel is the dual-channel nature of the FTP protocol. FTP It provides optional certificate-based authentication and requires two tunnels—one for the control channel and one secure data transfers using strong encryption. SSL 3.0 was for the data channel—which means you need to open two used by the IETF as the basis for developing a standard ports in your firewall. AttachmateWRQ solutions include a protocol to duplicate SSL functionality—known as Transport “firewall-friendly” way of sending FTP traffic over SSL that Layer Security or TLS. requires only one port to be open. SSL 3.0 and TLS 1.0 have slight differences. TLS uses HMAC AttachmateWRQ security solutions algorithms for integrity checking, which is harder to break AttachmateWRQ security solutions include both the SSH than the MAC used in SSL. But because the differences in and SSL/TLS protocols: these two protocols are negligible we will refer to the SSL/TLS protocol in this paper. • Reflection for Secure IT SSH servers for Windows, UNIX, and Linux as well as SSH thick clients for Windows, UNIX, and Linux. SSL/TLS does not replace FTP the way that SSH does; rather SSL/TLS can be used to create secure encrypted tunnels for FTP traffic. Two RFCs describe how to handle this process: • Reflection for the Web SSL/TLS thin clients for any platform and SSL/TLS proxy server for any platform. • FTP over SSL (RFC 2228), which extends the FTP protocol to provide strong authentication, integrity, and confidentiality on both the control and data channels. • TLS (RFC 2246), which defines the protocol designed to allow client/server applications to communicate • EXTRA! X-treme SSH and SSL/TLS thick clients for Windows. • Reflection emulation software SSH and SSL/TLS thick clients for Windows. over the Internet without eavesdropping, tampering, Table 1 provides a quick way for you to see which or message forgery. AttachmateWRQ products provide the security measures you need. Table 1: AttachmateWRQ Security Solutions AttachmateWRQ SSL/TLS solutions AttachmateWRQ SSH solutions Client connectivity On demand via a browser Command-line interface Yes Thin clients work with any browser. Yes Graphical interface Yes Interoperability Yes Support for RFC 2228 and RFC 2246. No Thin client support for sftp not yet available. Yes Available with both scp and sftp. Yes Available with sftp. Yes Support for RFC 4251. Data confidentiality Encryption SSL/TLS SSH Yes Choice of cipher strength, including AES and 3DES. Yes Support for SSL 3.0 and TLS 1.0. Not applicable Support for SSH2. Yes Choice of cipher strength, including AES, 3DES, and Blowfish. Not applicable Integrity checking through hashed message authentication codes. No Integrity checking through hashed message authentication codes. Yes Yes Data integrity Message remains unchanged Automatic checkpoint restart continued on next page 6 Table 1: AttachmateWRQ Security Solutions (continued) AttachmateWRQ SSL/TLS solutions AttachmateWRQ SSH solutions User name/password Public keys Yes No Digital certificates Yes Support for x.509 certificates; cert-signing and cert-generating tool comes with the management server. Yes Yes Yes Can be used instead of user name and password; key agent for SSO to multiple servers; authentication of both server and client. Yes Support for x.509 certificates. Authentication Kerberos Yes Automation Scriptable Scheduled Yes Yes Through external program. Yes Yes Through external program. Ability to limit access to specific directories Ability to set access rights per user No Firewall friendly Yes With the SSL proxy server, only one port needs to be open in the firewall. Yes Through chrooting and virtual directories. Yes Users can be restricted to sftp only; servers enforce security permissions for read/write access to each file and folder. Yes Only one port is open in the firewall. Access control Yes Through management server and secure token authentication feature. Auditing Logging Yes Ability to set various logging levels; metering server provides centralized logs and reporting. Yes Ability to set various logging levels. Yes Client configurations through the management server. Yes Through configuration in the management server. Yes Client configurations through the management server. Yes Through configuration in the management server. Cross-platform support Yes Thick clients for Windows; thin clients run in a browser on any platform; SSL proxy server runs on any platform with a JVM. Yes Thick clients for Windows, UNIX, and Linux; servers run on Windows, UNIX, and Linux. End-to-end security Yes SSL proxy server can run on the target server or can use SSL to tunnel from proxy to target server. Yes SSH servers generally run on target servers. Centralized management Centralized configuration of connections Centralized user-access control SSH and SSL/TLS: Your Safest Alternatives Although FTP is a tried and true method of delivering files over the Internet, its use can seriously jeopardize the security of your organization’s private information. Replacing or augmenting FTP with the industry-standard SSH and SSL/TLS protocols is a practical, reliable, and affordable alternative. AttachmateWRQ offers a variety of client and server security options that are based on these protocols. With our products, which are designed to work with both existing and planned security policies, you can effectively ensure the safety of data in motion. About AttachmateWRQ AttachmateWRQ, the leader in universal host access and integration, helps you maximize the value of your existing IT investments as you advance your long-term business strategies. More than 40,000 customers, representing over 16 million desktops worldwide, use AttachmateWRQ products and services to extend, manage, and secure their enterprise assets. Learn more at www.attachmatewrq.com. Corporate Headquarters 1500 Dexter Avenue North Seattle, Washington 98109 TEL 206 217 7500 800 872 2829 FAX 206 217 7515 EMEA Headquarters The Netherlands TEL +31 71 368 1100 FAX +31 71 368 1181 Asia Pacific Headquarters Australia TEL +61 3 9825 2300 FAX +61 3 9825 2399 Latin America Headquarters Mexico TEL +52 55 5658 7755 FAX +52 55 5658 6393 WEB Attachmatewrq.com E-MAIL info@attachmatewrq.com © 2006 Attachmate Corporation. All Rights Reserved. The content of this document is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment by Attachmate Corporation, dba AttachmateWRQ. AttachmateWRQ assumes no responsibility or liability for any errors or inaccuracies that may appear in the informational content contained in this document. AttachmateWRQ, the AttachmateWRQ logo, and Reflection are trademarks or registered trademarks of Attachmate Corporation. All other trademarks, trade names or company names referenced herein are used for identification only and are the property of their respective owners. Except as may be expressly stated in this document, any use of non-Attachmate Corporation trademarks in this document is not intended to represent that the owners of such trademarks sponsor, are affiliated with, or approve products from AttachmateWRQ. Printed in the USA. 06-0008.0106